扩展的代数侧信道攻击及其应用

Renauld等人提出的代数侧信道攻击是将代数攻击和侧信道攻击结合起来的一种对分组密码的攻击方法.目前的研究主要针对算法的8-bit实现平台,对于更大的如64-bit实现平台,未见文献讨论.为此,本文提出一种扩展的代数侧信道攻击,直接将侧信道信息表示为密钥的显式函数.相比于通常的代数侧信道攻击,所需泄露信息更少.作为应用,给出了对LBlock轻量级分组密码的扩展的代数侧信道攻击,结果如下:对于64-bit平台实现的LBlock,假设其1-3轮输出的Hamming重量可以准确获得,则利用35个已知明文,便可建立关于LBlock 80-bit主密钥的非线性方程组;在普通的PC机上,利用Magma数学软件v2.12-16求Groebner基,1分钟内可以求得80-bit主密钥.这是对LBlock的首个代数侧信道攻击,同时说明Renauld等人给出的对代数侧信道攻击的其中一个防范方法:"将实现方法从8-bit平台转移到更大的设备"是不够的.

Extended Algebraic-Side Channel Attack and Its Application

Algebraic-side channel attack(ASCA) was proposed by Renauld et al.which combines algebraic attack and side channel attack.The current research of ASCA mainly focuses on the 8-bit implementation of a block cipher.For 64-bit platform,there is no such research.This paper gives an extended algebraic side channel attack which represents the leaked information as explicit function of the key bits.Compared with the original ASCA,the extended ASCA needs less leaked information.As an application,we give an extended ASCA on LBlock light weight block cipher:For LBlock implemented on 64-bit platform,if the Hamming weight of the output of 1-3 round of LBlock can be obtained without error,then with 35 known plaintexts,an equation system concerning the 80 bit maser key can be set up;on a general PC,the 80 bit master key can be obtained in a minute by using Magma mathematical software v2.12-16 to find the Groebner basis.This is the first ASCA attack on LBlock,which shows that the method of moving form 8-bit platform to larger devices suggested by Renauld et al.to prevent ASCA is not enough.